As much as many organizations won't want to admit it - I think you're dead on right. TI is about context and action - not specifics. Right now "product" TI systems are trying to cram in more ~specifics~ which just elevates the barrier to entry for use.
Instead, as you suggest, all the context you need is 'What' and 'What to do NOW' .. the rest doesn't matter to 99% of organizations. AND, if we're lucky in the next decade, regulatory agencies and their proxies will realize that too and stop requiring massive DFIR efforts for essentially the same exact result. Rinse --> Buy everyone identity theft protection for a year --> Fire someone --> Repeat .. Thank you Dave, -Ali On Tue, Aug 12, 2014 at 2:44 PM, Dave Aitel <[email protected]> wrote: > https://vimeo.com/102641000 > > I did a dry run of a talk I did last week and it's now up for your > viewing pleasure/pain. :> > > -dave > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
